View access permissions (public + CERN registered)

How To
1

Hello all,

Could you please advise how to proceed in order to grant public view access only to the home page and to one more node and keep the rest of the site accessible to CERN registered?

Should I follow the steps suggested here?: How to grant view access by node
Is there another way?

Thank you in advance,
Katerina

P.S. I am still working on the test-site, it is ready but the migration is not done yet (waiting for the D7 site’s backup). I should better define the permissions now, right?

2

Hello Katerina,

By default Drupal gives you options to grant access by content type. so all the nodes of a content type will have the same access. If you want to grant access by node, I suggest one of the following ways:

  • Content Access Module: It has more features than any other module that does the job but it is not covered by the security team of Drupal neither has a fully stable version yet. Hopefully it will be
  • Nodeaccess module: it is simpler than the content access module with less features but it is in a stable state.
  • Permissions by term solution: It is more complicated to set up permissions in this case and I have analysed it in this post. However it provides more flexibility since you configure the different access.

Yes you can define the permissions now

Konstantinos

3

Hello Konstantine,

Thank you for your reply.

Regarding the Content Access module, could you please clarify what do you mean by “fully stable”?
Does this means there is a risk of turning restricted pages publicly accessible?

So far, this module seems to be the simplest way to proceed in defining the access. We have tested in other sites as well, without issues until now.

Thank you.
Regards,
Katerina

4

Hello Katerina,

It means that according to the developer the module is not stable yet. This might mean functionalities potentially not working or, as you mention, potential security issues. It is a label that the maintainer of the module has set to show that he/she cannot guarantee that the module will do what it is supposed to do even though it is published.

Konstantinos

5

Hello Konstantine,

Thank you for the clarification.

I did follow the steps of the post where you explain how to set up the Permissions by term solution.

I used the remote desktop to verify the visibility when the user is not logged in (from home, we need to be logged in in order to access the test-sites), and it seems that it is not working.

The development site is the https://test-be-safety.web.cern.ch/.
Only 2 nodes are to be public: the above landing home page and the basic page https://test-be-safety.web.cern.ch/mandat-be-safety-unit

May i please ask you to check and let me know what is wrong?

Thank you in advance.
Regards,
Katerina

P.S. FYI, I had initially installed the Content access module, without touching it though after the installation.

6

Hi Katerina,

First of all you need to uninstall the Content Access module if you want to try the Permissions by term. The two modules can’t work together. Go to Extend->Uninstall tab and select and uninstall the module from the list. Then go and clear caches.

You need to add the taxonomy term for specific access to the rest of the pages. I checked some of them and the Access field was empty.

I would suggest that you go to Structure->Content types and set for every content type the default access value when a node is created (I suggest public). For example in Basic page settings you have set it to Registered.

During node’s creation or editing the editor can decide what extra access should give to that node. Also I noticed that in Access field’s settings you have limited to 1 value. That means that you can’t give access to more than one roles.

For the nodes already created I am afraid you have to visit them all and update the Access settings.

In order for the editor to view better the Access options, I have changed the node display format of the Access field to Select list in the Landing Page content type as an example. You can change this in the rest of the content types. Once you allow more values in this field it will turn into checkboxes for all available roles.

After you finish updating all nodes I recommend to rebuild permissions by going to Reports->Status report and click on the Rebuild permissions link in Node Access Permissions section.

If you are not happy with the Permissions by Term module, I can tell you how to setup the Content Access one.

7

Hi Sotiri,

Thank you for your reply.
Before i proceed in the suggested changes, some clarifications/questions:

This is mainly a CERN internal website. Only two nodes will be accessible publicly. This is why the default is Registered.

I thought that since the default access value was set, I only need to update and change the access to the two public nodes.
This is not the case? I should update every single node of the website?

Should i choose “unlimited values”?

We use Content Access module in another website and works ok, however we want to try Permissions by Term node following Konstantinos’ suggestions, since the Content access is not supported/secure.

Thank you.
Katerina

8

Hi Katerina,

I don’t have much experience with this module but that’s not the case. It seems that you have to set them all by hand. This setting applies only for the newly created ones.

Yes

9

Hello Sotiri,

I have made the changes mentioned above, and it looks ok.
I only noticed something strange: it seems there is a “bug” with the About us > Mandate SLP; even though the access is set to “registered”, it is still visible publicly.

Thank you,
Katerina

10

Hi Katerina,

Indeed there is something with this node.

I recommend that you delete it and create it again.

11

Hi Sotiri,

I did delete it and recreate it.
Is if fine now, thank you.

Have a nice day,
Katerina